ABSTRACT

This thesis is a continuation of the study work done by Moedjiono (M.S. thesis, Naval Postgraduate School, 1982) concerning personnel database in the Indonesian Navy.

It discusses the current database security and the concept of Multics (Multiplexed Information and Computing System) to propose a personnel database security model in the Indonesian Navy.
This thesis is a continuation of [...] "Preliminary Personnel Data Base Design [...] Navy", by Moedjiono at the Naval Postgraduate School, Monterey, California, June 1982.

Since 1977, the Indonesian Navy Data Center (DISPULAHTAL) has collected and processed personnel data to support the leadership in the Navy in their decision making. In 1980 work began on the design of personnel database system. Computerization of personnel data took place only within the Department of Personnel and was limited to administrative purposes. However, other departments in the Navy, such as Intelligence, Operations, Logistics, and Planning, had to work with an increasing and more complex amount of data. With every department maintaining its own personnel data there were discrepancies. Information was often incomplete or not uniformly updated, since not all departments received data changes. The increasing availability of data, and the importance of timely data emphasized the need to establish a computer system which could accommodate these needs.

Since information is a recognized source of economic value, the data which comprise the information should be protected adequately. E. B. Fernandez [Ref. 5] defines information as:

[...] critical resource in today's enterprises, whether they are industrial, commercial, educational, or civic. Information has been widely recognized as a resource of economic value to an enterprise.





This thesis proposes to continue the design work of a personnel database system begun in 1980.

As the use of computers increases, the number of people who might have access to confidential information also increases, emphasizing the importance of access security.

In the military, a leakage of information could endanger national security. Data on secret weapons, numbers and distribution of personnel, emergency procedures, and personnel background are important to the enemy.

Internally, [...] may result in corruption [...] of data in compiling salary lists or theft of secret information for use by the enemy. The absence of any type of data protection may lead to unintentional errors by an operator resulting in the destruction or damage of [...] Natural disasters also may destroy information [...] Damaged information may lead to inaccurate decisions [...] may jeopardize national security.

To prevent the above mentioned problems, it is essential to provide protective mechanisms to database systems. In other words, there is a need for database security.

In view of the developments of personnel database in the Indonesian Navy and the absence of protective [...], this thesis proposes a concept to provide security for data [...] which will be the basis for decisions made by the leaders of the Navy.


There are many varieties of database types, but this thesis will be limited to the security of personnel database. The six sections of this thesis are:

I. Introduction.
II. The current proposed personnel database system.
III. The needs for security protection.
IV. The Multics concepts.
V. Implementation of Multics in database security.
VI. Conclusions and Recommendations.

This personnel database security concept will be a contribution to the security of computerized data processing in the Indonesian Navy.





The present database systems [Ref. 3] have the following objectives:

- Reducing redundancy
- Sharing of data
- Avoiding inconsistency
- Enforcing standards
- Maintaining integrity, and
- Balancing conflicting requirements.

This database contains 97 data elements divided into two [Ref. 10] basic groups:

1. Static data elements.
2. Dynamic data elements.

A. STATIC DATA ELEMENTS

Static data elements consist of data that will not change frequently.

For example:

Main identification constitutes a [...] containing the elements numbered 101 to 108. Data elements rarely retrieved by application programs are entered into Personnel Characteristic (element # 200) [...] arranged into the following four sub-groups:

1. Marriage subgroup (element # 300) containing elements numbered 301 and 302.

2. Address subgroup (element # 400) containing elements numbered 401 to 403.

3. Body characteristic subgroup (element # 500) containing elements numbered 501 to 511.

4. Category and Status subgroup (element # 600) containing elements numbered 601 to 607.


B. DYNAMIC DATA ELEMENTS

Dynamic data elements are those which are frequently changed. [...] into several subgroups corresponding to their historical data. These groups include:

1. Rank group (element # 700) containing elements [...]

2. Profession group (element # 800) containing elements numbered 801 to 810.

3. Education group (element # 900) containing elements numbered 901 to 909.

4. Education group (element # 1100) containing elements numbered 1101 to 1106. This group is divided into two subgroups:

a. [...] Profession subgroup (element # 1200) containing elements numbered 1201 to 1204.
b. [...] education subgroup (element # 1300) containing elements numbered 1301 to 1363.

5. Payroll group (element # 1400) containing elements numbered 1401 to 1414.

6. Security group (element # 1500) containing elements numbered 1501 to 1506. This group is divided into the following two (2) subgroups:

a. Who involved subgroup (element # 1600) containing elements numbered 1601 to 1603.
b. Measures subgroup (element # 1700) containing elements numbered 1701 to 1703.

(For complete overview of element numbering see Appendix A.)

The above database system for [...] illustrated in the model below:

[Figure: tree model of the database. Node labels: MAINID; [...], RANK, PROF, EDUC; MARR, ADDR, BODYCHAR, CATEG, [...]; FACT; [...], PAYROLL; EEDUC; SEC; WHO, MEAS.]


III. THE NEED FOR SECURITY PROTECTION 


A. GENERAL APPROACH 


The use of automated data processing [...] become widespread because [...] storage of vast amounts of information [...]

The military benefits from the use of computers in [...] speed and accuracy of data collection which results in timely and improved decisions. Besides these advantages a hard-to-solve problem emerges, that of information [...]

The basic problem is illustrated in Figure [...] data at various security levels desire simultaneous access to the machine's resources.

Data with all security levels are stored on the syste[...] Users with proper security credentials [...] granted da[...] accesses. Navy security policy requires that an individu[...] must possess the required non-discretionary¹ and discretionary² privileges before being granted access to information.

In fact, application of computers in Indonesia is new, so careful considerations should accompany the design and implementation of the basic concepts of database security.

¹Non-discretionary security requires that the individual has a security clearance of higher or equal level than the level of the information requested.

²Discretionary security requ[...] possesses a proper need-to-[...] information [...]

[Figure labels: PROCESSOR; USER 1, 2, ...; DATA STORAGE; STORAGE FACILITY: MULTI LEVEL]
Frequent foul play often takes place because of the lack of protection when using computer systems, as well as protection of the database systems.

In the military, particularly, information is very important, because corruption of military information could endanger national security. Information about secret weapons, numbers and distribution of personnel, emergency procedures, and personnel background data are all very important to the enemy. On the other hand, for authorized users updated data is very important since an error in the data may produce faulty decisions.


B. DEFINITIONS

Many definitions are used in database security. The most widely used definitions according to Fernandez E.B. (1981) [Ref. 5] are:

1. Information security is the protection of information against unauthorized disclosure, alteration, or destruction.

2. Database security is the protection of information that is maintained in a database.


C. SECURITY THREATS

A database security violation [...] reading, modification, or destruction of information stored in the database. Possible threats to the security of a computer system may be broadly classified as either malicious or accidental acts.

Figure 3.2 Security Threats.

[Figure labels]
DATABASE: unauthorized access; copying; theft
HARDWARE: failure of protection mechanisms; contribution to software failure
SYSTEMS SOFTWARE: failure of protection mechanisms; information leakage
APPLICATION PROGRAMMER: programming of applications to behave contrary to specification

In Figure 3.2, we see the possibility of malicious conduct by exploiting loopholes in the system. There are also threats resulting from human errors, such as accidentally destroying information, or allowing it to be seen by unauthorized people. In addition, natural disasters may destroy or prevent access to information. These threats are classified as nonmalicious threats.
D. SECURITY PROCEDURES AND MECHANISMS

Security threats arise from a wide variety of sources, therefore procedures and mechanisms necessary [...] secure environment must cover many areas of the enterprises.

External procedures must be set up so that security mechanisms implemented within the system can be effective. We must select personnel who have access to highly classified information through security clearance procedures.

Storage devices and other hardware must be physically protected against any damage from natural disasters or malicious attack. Protection of removable storage against theft is also necessary. We also need backup systems for copying the files at different locations to protect against information loss.

Information may be stolen or tapped during transmissions, and encryption is one way to protect this data.

In summary, the security of a database depends on a complex set of protective measures: human, software, and hardware [Ref. 14].


E. SECURITY POLICIES

An access-control³ system determines the way a subject⁴ may access⁵ data or objects.⁶

³Access-control. A strategy for protecting objects from unauthorized access.

⁴Subject. An active user of a computer system together with any other entity acting on behalf of a user or on behalf of the system; for example, processes, jobs, and procedures may be considered subjects. Certain subjects may also be considered to be objects of the system.

⁵Access. The ability and the means necessary to store or retrieve data, to communicate with, or otherwise make use of any resource in a computer system.

⁶Object. In a formal security model, an identifiable resource [...] of the system; the counterpart of subject. Software-created entities such as files, programs and directories are objects, as well as hardware resources such as memory blocks, disk tracks, terminals, and tapes.

There are many kinds of access-control policies and they depend upon the categories of information and the positions of the users (subjects).

Figure 3.3 Access-type-dependent Access Control.

Figure 3.3 shows a situation where not everybody can see the whole file. Users are given access to the file according to their position.
An access can be of several forms:

- read
- write
- append
- delete, and
- execute

An execute access is often used but omitted from this model due to the fact that execute access in the proposed protection architecture is similar to a read access.

To be qualified to access specific data, a user must conform to the military security conventions of classification, category, and need-to-know.

Figure 3.4 Combination of Compartment and Levels.

In military, for example, the Army, Navy and Air Force have different kinds of categ[...] ranging from [...] compartmentalization and levels, a good policy for control[...] information flow can be created.


F. MULTILEVEL MODEL

This model introduces the concept of levels and categories. Each subject is assigned a clearance level, and each object is assigned a classification level. Every person in the military has different security levels that permit how far (s)he may access the file and how much (s)he can see the file. Therefore a security level is a composite of:

{A, B}, where A is the classification level and B is the set of categories.

One security level is said to dominate another if and only if:

1. its classification or clearance level ≥ the other, and
2. its set of categories includes the other's categories.

Clearance and classification levels are ordered as follows:

top secret > secret
secret > confidential
confidential > unclassified

Security levels are only partially ordered however, so that some subjects and objects are not comparable. In Figure 3.5 [...] is dominated by L1, since its level of classification and its set of categories is higher. On the other hand, security levels of L1 and L3 are not comparable. The elements of the above model are summarized in Figure 3.6.

Figure 3.5 Ordering of Security Level.


Access to an object can be through either observing (READ) the object or altering (APPEND) the object, and from this combination we can determine the access type:

* not both
* READ
* APPEND
* both

The multilevel model considers the states of a secure system, which are described by:

1. the current access set, which is a set of triples (subject, object, access type) or (S, O, x),
2. an access matrix,
3. the security level of each object, and
4. the maximum and current security level of each subject.

Figure 3.6 Elements of the Multilevel Model.

1. Requirements to Read Data from a Data Set

A user may read a set of data if, and only if, [...] clearance dominates the classification of a data set. The clearance of user (U) dominates a set of data (D) if:

military classification (U) ≥ military classification (D)
category (U) ⊇ category (D)
U need-to-know (read D)

2. Requirements to Write Data into a Data Set

A user may not write data into a set of data if the classification of the data he is writing dominates the classification of the data into which he is writing. That is, if the user wishes to write data (d) into a data set (D), it is required that

military classification (d) ≤ military classification (D)
category (d) ⊆ category (D)
U need-to-know (write D)
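The dominance relation and the read and write requirements above, worked as an added example (not code from the thesis). The subjects, data sets, category names and the `ReferenceMonitor` class are constructed for illustration, and the example assumes that data a subject writes carries that subject's own security level.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    # Ordering from the text: top secret > secret > confidential > unclassified
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class SecurityLevel:
    """Composite {A, B}: A = classification/clearance level, B = set of categories."""
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other: "SecurityLevel") -> bool:
        # Level must be >= AND categories must be a superset. When neither
        # level dominates the other, the two are not comparable.
        return self.level >= other.level and self.categories >= other.categories


def comparable(a: SecurityLevel, b: SecurityLevel) -> bool:
    return a.dominates(b) or b.dominates(a)


@dataclass
class ReferenceMonitor:
    """Holds the state pieces the model names: access matrix M, the level of
    each subject and object, and the current access set b of (S, O, x) triples."""
    matrix: dict            # M: (subject, object) -> modes granted on need-to-know
    clearance: dict         # subject -> SecurityLevel
    classification: dict    # object -> SecurityLevel
    current: set = field(default_factory=set)

    def request(self, subject: str, obj: str, mode: str) -> bool:
        """mode: 'read' (observe), 'append' (alter) or 'write' (both)."""
        if mode not in self.matrix.get((subject, obj), set()):
            return False                      # no need-to-know for this mode
        s = self.clearance[subject]
        o = self.classification[obj]
        can_observe = s.dominates(o)          # requirement to read
        # Assumption: data a subject writes is labelled with the subject's own
        # level, so the target data set must dominate it (requirement to write).
        can_alter = o.dominates(s)
        allowed = {"read": can_observe,
                   "append": can_alter,
                   "write": can_observe and can_alter}.get(mode, False)
        if allowed:
            self.current.add((subject, obj, mode))
        return allowed


def build_demo() -> ReferenceMonitor:
    # Constructed sample: two subjects and two data sets in one category.
    navy = frozenset({"NAVY"})
    return ReferenceMonitor(
        matrix={
            ("officer", "payroll"): {"read", "append"},
            ("officer", "measures"): {"read", "write"},
            ("clerk", "payroll"): {"read"},
            ("clerk", "measures"): {"read", "append"},
        },
        clearance={
            "officer": SecurityLevel(Level.SECRET, navy),
            "clerk": SecurityLevel(Level.CONFIDENTIAL, navy),
        },
        classification={
            "payroll": SecurityLevel(Level.CONFIDENTIAL, navy),
            "measures": SecurityLevel(Level.SECRET, navy),
        },
    )


if __name__ == "__main__":
    m = build_demo()
    for s, o, x in [("officer", "payroll", "read"), ("officer", "payroll", "append"),
                    ("clerk", "measures", "read"), ("clerk", "measures", "append"),
                    ("officer", "measures", "write")]:
        print(f"{s:8} {x:7} {o:9} -> {'granted' if m.request(s, o, x) else 'denied'}")
```

The denied append by the officer shows the write requirement at work: need-to-know is present in the matrix, but the confidential data set does not dominate secret data.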
IV. THE MULTICS CONCEPTS

A. GENERAL CONCEPT

The Multiplexed Information and Computing System [Ref. 1] (MULTICS) employs the concept of rings of protection, based on:

1. Need to know, and
2. Firewall, to minimize damage due to errors.

Basically, protection of data or objects in Multics is achieved by compartmentalizing all of the stored information into discrete packages called segments, where each is associated with a set of access attributes.

This chapter will discuss the concepts of access control, protection, and filing concepts in Multics, since these filing concepts will be a basis for the implementation of the existing personnel database in the following chapter.

B. ACCESS CONTROL AND PROTECTION

In Multics, compartmentalization [Ref. 11] is achieved through two primary mechanisms:

1. Per-Segment Access Control
2. Concentric Rings of Protection

These mechanisms complement one another.


1. Per-segment Access Control

Per-Segment Access Control is a means of denoting and controlling the type of access to a particular shared segment given to an individual user. A segment may be shared by two or more processes. The subject who [...] segment and grants permission to share to a[...] specify the type of access to be given to each grant[...] this privilege, Multics guarantees that a user can [...] the information he creates and files away for fur[...] Multics permits the coexistence of many processes, each of which competes for the system's physical resources and employs the same file system hierarchy.

The hierarchical directory structure in Multics which controls the file system looks like an ordinary file. It includes authors, users listing and access type permitted to each user which is granted individually. Each author listed in the directory is associated with a file in the access control list (ACL).


2. Concentric Rings of Protection

The ring mechanism, by contrast, offers intraprocess protection of a segment. The concentric-rings concept is essentially a generalization of S (Supervisor) and U (user) domains. The segments of any process are associated with [...] generally two or possibly more concentric rings.

[...] prevents any user from referring to inner ring data segments which have higher level classification. A user is permitted to access more privileged procedures only through specially controlled entry points called "gates".

By subsetting the segments of a process into rings and by effectively controlling interaction and communication between segments of different rings (supervisory or userlike), Multics has the potential to isolate trouble and limit the damage in the system. When an outside ring is damaged, this will not affect the inner ring, but damage to an inner ring will cause damage to the outside ring as well.

Ring brackets are associated with accessible segments as shown in Figure 4.1.

Figure 4.1 Segment Privileges.

Read and Write privileges are always associated with a ring-bracket starting at ring 0. In Figure 4.1 for example, the read bracket is defined as ring 0 to ring 4, which means that if a process is currently being executed in ring 0, 1, 2, 3 or 4, then it may read the segment.

The [...] bracket is defined as ring 5 and 6, which means that only when a process is executing in ring 5 or 6 can it call this segment when the segment is being executed, [...] the process is in ring 3.
All storage is organized as named segments, and the segment is the unit of protection. A segment can contain either data or procedures.

A Multics process is usually associated with an end user who is identified by a unique number. In the database context an end user invokes a database application program by combining a number of procedures. Eventually one of these procedures will call a DBMS procedure, which in turn may call other DBMS or operating-system procedures. The user can build protected subsystems by grouping procedures into segments that can then be protected from one another.

Associated with each process is a descriptor segment, which is a vector of segment descriptor words (SDWs) providing addressability to all the segments accessible to the process. A directory system is used to locate a segment when it is first referenced by a process. The directory entry for a segment contains an access-control list specifying which users can access the segment and what their rights are. If the requested access is authorized, the segment is added to the user's virtual memory by adding the appropriate SDW to the user's descriptor segment.

Initially all information is stored in the access control list. However, when the segment is first referenced, the information is copied into the SDW for the segment. For every subsequent access by the process the SDW alone is checked by hardware to determine whether an access is authorized.
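The first-reference path described above (ACL consulted once, SDW checked afterwards) together with the ring-bracket test, as an added example that is not code from the thesis or from Multics. The class names, segment names, users and the write bracket 0-3 are constructed; the read bracket 0-4 and the call bracket 5-6 follow the Figure 4.1 description, and append mode is not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    """One ACL entry: user identification, modes of access, ring brackets."""
    user: str
    modes: frozenset          # subset of {"r", "w", "e"}
    read_bracket: tuple       # (0, n): rings that may read
    write_bracket: tuple      # (0, n): rings that may write
    call_bracket: tuple = ()  # rings that may call the segment


@dataclass(frozen=True)
class SDW:
    """Segment descriptor word: the per-process copy of the access information."""
    segment: str
    modes: frozenset
    brackets: dict


def in_bracket(ring, bracket):
    return len(bracket) == 2 and bracket[0] <= ring <= bracket[1]


class Process:
    def __init__(self, user, ring, directory):
        self.user, self.ring = user, ring
        self.directory = directory       # segment name -> list of AclEntry
        self.descriptor_segment = {}     # segment name -> SDW
        self.acl_searches = 0

    def _first_reference(self, name):
        """Consult the ACL once; on success add an SDW to the descriptor segment."""
        self.acl_searches += 1
        for entry in self.directory.get(name, []):
            if entry.user == self.user:
                sdw = SDW(name, entry.modes, {"r": entry.read_bracket,
                                              "w": entry.write_bracket,
                                              "e": entry.call_bracket})
                self.descriptor_segment[name] = sdw
                return sdw
        return None                      # user not on the ACL: segment stays unknown

    def access(self, name, mode):
        """mode is 'r', 'w' or 'e' (call). Later checks use the SDW alone."""
        sdw = self.descriptor_segment.get(name) or self._first_reference(name)
        if sdw is None or mode not in sdw.modes:
            return False
        return in_bracket(self.ring, sdw.brackets[mode])


def build_directory():
    # Constructed sample ACLs for two segments.
    return {
        "payroll": [
            AclEntry("personnel", frozenset("rw"), (0, 4), (0, 3)),
            AclEntry("logistics", frozenset("r"), (0, 4), (0, 0)),
        ],
        "dbms_gate": [
            AclEntry("personnel", frozenset("e"), (0, 4), (0, 0), (5, 6)),
        ],
    }


if __name__ == "__main__":
    d = build_directory()
    p = Process("personnel", 4, d)
    print("read payroll in ring 4 :", p.access("payroll", "r"))
    print("write payroll in ring 4:", p.access("payroll", "w"))
    print("ACL searches so far    :", p.acl_searches)
```

In this simplified model an SDW that already exists keeps granting access after the ACL entry is removed, because later checks never return to the ACL; how existing SDWs are invalidated is outside what the text describes.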


C. MULTICS FILE SYSTEM

The Multics filing system consists of two modules: Segment Control and Directory Control. Here, file and segment are entirely synonymous, since the concept of segment is merely an extension of the concept of file.

The Segment Control Module (SCM) interprets the intent of the user's symbolic references to segments. It determines to which, if any, of the segments already known to the process a given symbolic name refers. If none, the Segment Control Module must then determine if a new segment is to be created and placed in the hierarchy.

When using the SCM, a Known Segment Table (KST) is needed to store segments currently part of the process. SCM maintains control over these reference-name-segment-number pairs in a given process. Its job is to develop and reuse each name-number pair in its proper context.

The Directory Control Module (DCM) is used to search all inquiries about the status or location of segments and/or their descriptions, because only this module is permitted to read and alter the contents of the directory segments.


1. Directory Structure

This filing system has a directory structure that contains two types of entries which may be added to it:

1. branches and
2. links.

A branch is a detailed description of a segment located in the secondary storage of records that comprise the segment. A link is a special kind of named entry whose purpose is to point to another entry, normally in some (any) other directory. This allows a useful form of cross-referencing capability to be superimposed over the basic tree structure formed by the branch-type entries. Figure 4.2 shows an example of the conceptual model of the file-system tree structure.

Figure 4.2 Conceptual Model of the File-system Tree Structures.
To reach a certain branch, a certain path is needed using path_name and relative_path_name. A path name is a list of the node names from the root to the branch (or link) inclusive, where elements of the list are separated by the ">" character. For example, [...] "sub" the following path name is used:

"user_dir_dir > project1 > usera1_directory > sub",

and to search for "sort" the path name used is:

"user_dir_dir > project1 > usera1_directory > sort"

[Annotation under the path name: "directory path name" and "[...] name".]

In other words, the Mult[...] is considered a shorthand for symbolic pathname, i.e., it introduces no additional structure.

Figure 4.3 shows that from directory A, the symbolic [...] is shorthand for "> B [...]". Any path name may begin with ">". If a path name begins with [...] '>', the given path is referred to as a rela[...]

At all times, an executing process is [...] a working directory. This is a dire[...] happens to be currently "using". It is o[...] to a point in the hierarchy from which it becomes convenient to describe a relative path to other segme[...]

Figure 4.3 Interpretation of Links.

Thus, a tree path to a particular node may be described relative to the working directory of a process. For example, referring to Figure 4.2 the path name for sort is simply "sort", and the path name for delete is "a1_library > delete".

It is also possible to use the relative path-name convention when referring to a branch that is not a descendant of the working directory. This is done with the aid of the character "<". It is interpreted as parent of the working directory. The "<<" would mean parent of parent of the working directory, and so on. For example, relative path name for < usera3_directory > is "<< project2 > usera3_directory" or "user_dir_dir > project2 > usera3_directory".
2. Elements of a Secure Multics

Corresponding to a state (b, M, f, H) [...] information structure in Multics [Ref. 2]. The following correspondences have been identified:

b - Segment Descriptor Words (SDW)
M - Access Control List (ACL)
f - Information in directory segments and special process security tables
H - Branches

[Figure: each ACL entry holds USER IDENTIFICATION, MODE OF ACCESS (R, E, W, A) and RING BRACKET; the same three fields repeat for each further entry.]

Figure 4.4 Data Structure of an ACL for an Individual Branch.

An element (Si, Oj, x) in b indic[...] Si has current access to object Oj in acces[...] In SDW is a field which indicates [...] (write, read, execute, or append) [...]

An entry in M such as { r,w } indicates that subject Si has read and write permission with respect to object Oj, if Oj is a data segment.

An example of the data structure of an access-control list for an individual branch is shown in Figure 4.4.

[Figure labels: DATA SEGMENT; DIRECTORY SEGMENT]

Figure 4.5 Multics Hierarchy Equivalent.

The hierarchy H of the model is structured to reflect the tree structure among segments realized by branches in Multics. If Oi and Oj are objects in the model and H(Oi) includes Oj, then Oi is the parent of Oj. Figure 4.5 shows this situation.

[Figure label: <user-directory-directory>]

Figure 4.6 Chain of Links.


When directory control is supplied a path name for the purpose of retrieving corresponding file-branch information, the desired directory entry is retrieved by link or branch. If it is a branch, the target has been reached, and if it is a link the path name fo[...] employed for a repetition of the retrieval proce[...] possible that a chain of links eventually lead[...]

Figure 4.6 shows how user4 grants permission to user3, and user3 grants permission to user2 to use their routines. If user2 and user3 appear in the access control list for <b> in user4's user directory then user2 may use "a" as a symbolic reference and user3 may use "c" as a symbolic reference to the segment whose branch entry is named "b".
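Path-name resolution as described in this section, including relative names, the "<" parent notation and a chain of links, as an added example that is not code from the thesis or from Multics. The hierarchy below is constructed to mirror the names used in the text; treating a leading ">" as "start from the root", storing link targets as absolute path names, and the hop limit `MAX_LINK_HOPS` are assumptions of this sketch.

```python
from dataclasses import dataclass


class PathError(Exception):
    pass


@dataclass(frozen=True)
class Link:
    target: str   # path name of another entry (absolute in this sample)


MAX_LINK_HOPS = 8  # assumed bound so a cycle of links cannot loop forever

# Constructed hierarchy: dict = directory, "segment" = branch of a segment.
ROOT = {
    "user_dir_dir": {
        "project1": {
            "usera1_directory": {
                "sub": "segment",
                "sort": "segment",
                "a1_library": {"delete": "segment"},
            },
        },
        "project2": {
            "usera2_directory": {"a": Link(">user_dir_dir>project2>usera3_directory>c")},
            "usera3_directory": {"c": Link(">user_dir_dir>project2>usera4_directory>b")},
            "usera4_directory": {
                "b": "segment",
                "loop": Link(">user_dir_dir>project2>usera4_directory>loop"),
            },
        },
    },
}


def absolute_names(path, working_dir=()):
    """Turn a path name into the list of node names counted from the root."""
    p = path.replace(" ", "")
    if p.startswith(">"):
        base, rest = [], p[1:]
    else:
        base = list(working_dir)
        while p.startswith("<"):          # each "<" climbs to the parent
            if not base:
                raise PathError("no parent above the root")
            base.pop()
            p = p[1:]
        rest = p
    return base + [n for n in rest.split(">") if n]


def resolve(path, working_dir=(), hops=0):
    """Return the names of the branch finally reached, following links."""
    names = absolute_names(path, working_dir)
    node = ROOT
    for i, name in enumerate(names):
        if not isinstance(node, dict) or name not in node:
            raise PathError(f"no entry {name!r} in >{'>'.join(names[:i])}")
        entry = node[name]
        if isinstance(entry, Link):
            if hops >= MAX_LINK_HOPS:
                raise PathError("too many links in chain")
            # Repeat the retrieval with the link's path name in place of the prefix.
            rest = "".join(">" + n for n in names[i + 1:])
            return resolve(entry.target + rest, (), hops + 1)
        node = entry
    return tuple(names)


if __name__ == "__main__":
    wd = ("user_dir_dir", "project1", "usera1_directory")
    for path in ["sort", "a1_library > delete", "<< project2 > usera3_directory",
                 ">user_dir_dir>project2>usera2_directory>a"]:
        print(f"{path!r:45} -> {'>'.join(resolve(path, wd))}")
```

A resolver like this is also where access checks belong: authorization should be evaluated against the branch finally reached, not against the link name the caller supplied.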


V. IMPLEMENTATION OF MULTICS IN DATABASE SECURITY

The basic security model including data security in Multics has been discussed in the previous chapter. Before we further discuss the implementation of database security we will take some assumptions as follows: First, although the Multics system was developed and applied to operating systems for Honeywell computers, we will assume that it can also be used by other computers in general.

Secondly, we assume that users in the Indonesian Navy database system are limited to five assistants for Chief of Staff of the Indonesian Navy, namely:

1. Assistant for Security
2. Assistant for Operations
3. Assistant for Personnel
4. Assistant for Logistics
5. Assistant for Planning

The second assumption is needed because there are some offices supervised by the Assistants which currently deal with the personnel database system.

The description of a directory has been discussed in Chapter IV, therefore we will not discuss how to find a segment in this chapter.

The personnel database in the Indonesian Navy is divided into 17 segments. The method proposed here adds 2 segments which are:

Segment 400, which is followed by elements number 401-403, is divided into two, namely segment 400 which is followed by elements number 401 and segment 500 which is followed by elements number 501. This change is needed since the elements' owners are different.

For the same reason, segment 500 which is followed by elements 501-502, is divided into two segments, namely segment 600 followed by elements number 601-607 and segment 700 followed by elements number 701-705.

All changes are shown in the table in Appendix C.

We can summarize to this point that the personnel database is now divided into 19 segments and there are 5 users, which follow the sequence of assistant staffs. It has been determined who owns each segment, and each owner has the authority to update the contents of his segment(s).

To implement the new security method mentioned above, it is necessary to set up a table containing all segments and their relation to each user. The table tells what segment belongs to whom and what kind of accesses are authorized to other users. In this case the DBA (Database Administrator) can arrange the table in the proper order.


TABLE 1
Access Table

ELM #   DATA-NAME   TYPE OF ACCESS (S1 S2 S3 S4 S5)

 200    CHARACT
 300    MARR
 400    ADDR        R RWAD
 500    ADDRSTA     R RWAD
 600    BODYCHAR    RWAD
 700    PERKSI2Z    R RWAD
1000    PROFESS     R R RWAD _ R
1100    EDUC        R R RWAD _ R
1200    SUBJ        R R RWAD _ R
1300    FAM         R _ RWAD
1400    FACT        R RWAD
1500    FEDUC       RWAD
1600    PAYROLL     _ RWAD
1700                RWAD
1800    WHOINV      RWAD
1900    MEAS        RWAD

R - read
W - write
A - append
D - delete
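
One way to hold such an access table in code and answer "may user U perform operation M on element E", given here as an added example that is not part of the thesis. The segment names come from the access table; the placement of the entries under S1 to S5, the rule that exactly one user (the owner) holds RWAD on a segment, and all function names are assumptions made for the illustration.

```python
"""Access-table check for a segmented personnel database (added example)."""

VALID_MODES = set("RWAD")  # R read, W write, A append, D delete
USERS = ("S1", "S2", "S3", "S4", "S5")

# Constructed sample rows: segment names follow the access table, but which
# user column holds each entry is an assumption made for this example.
ACCESS_TABLE = {
    400:  ("ADDR",    {"S1": "R", "S3": "RWAD"}),
    1000: ("PROFESS", {"S1": "R", "S2": "R", "S3": "RWAD", "S5": "R"}),
    1600: ("PAYROLL", {"S3": "RWAD"}),
    1800: ("WHOINV",  {"S1": "RWAD"}),
}


def segment_of(element):
    """Map an element number such as 1602 to its segment number 1600."""
    return (element // 100) * 100


def owner_of(table, segment):
    """Return the single user holding RWAD on the segment, else None."""
    owners = [u for u, m in table[segment][1].items() if set(m) == VALID_MODES]
    return owners[0] if len(owners) == 1 else None


def validate(table):
    """Return a list of findings; an empty list means the table is consistent."""
    findings = []
    for seg, (name, cells) in sorted(table.items()):
        owners = [u for u, m in cells.items() if set(m) == VALID_MODES]
        if len(owners) != 1:
            findings.append(f"{seg} {name}: expected 1 owner, found {len(owners)}")
        for user, modes in cells.items():
            if user not in USERS:
                findings.append(f"{seg} {name}: unknown user {user}")
            if not modes or set(modes) - VALID_MODES:
                findings.append(f"{seg} {name}: bad modes {modes!r} for {user}")
            elif user not in owners and set(modes) & set("WAD"):
                # Only the owner has the authority to update a segment.
                findings.append(f"{seg} {name}: non-owner {user} can update")
    return findings


def is_allowed(table, user, element, mode):
    """Default deny: allow only if the cell for (segment, user) lists the mode."""
    if mode not in VALID_MODES:
        return False
    row = table.get(segment_of(element))
    if row is None:
        return False  # unknown segment
    return mode in row[1].get(user, "")  # empty cell means no access
```

An empty cell, an unknown segment and an unknown operation all resolve to a denial, so a gap in the table never grants access.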


Security is divided into 4 levels:
1. Top secret
2. Secret
3. Confidential, and
4. Unclassified

Segment numbers 1700, 1800, and 1900 are in the classified levels
and the other segments' classifications will be determined in the
future, depending on the needs of the
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VI. CONCLUSIONS AND RECOMMENDATIONS 


It is justified here to draw some conclusions and make
recommendations concerning the importance of personnel database
security in the Indonesian Navy.

The conclusions can be described as follows:

1. Database security is very important to any database
   system, especially in the military.

2. The Multics system provides basic concepts to achieve
   a sound database security system.

3. The Indonesian Navy personnel database security can
   be improved by applying such concepts as the one
   described in this thesis.

In order to implement this security model in the
Indonesian Navy database personnel system, i


[0% 


1. Assign security personnel under the DBA who will be
   responsible for the security of the existing database.

2. Conduct further research to explore possible enhancements
   to the physical design related in this proposal.
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APPENDIX 
DATABASE PERSONNEL TABLES

Each of these tables contains two elements: code and
description. Example: "1 Male" indicates code number 1 is
Male.

1. PERSONAL STATUS:

A. Military
01 Volunteer
02 Obliged

B. Civilian
11 Daily laborer
12 Monthly laborer
13 Monthly laborer org
14 Temporary Govern
15 Pre Government c
16 Civilian Government

lieeeavea tan ts Litery

2. PERSONAL CATEGORY:

Not clear
Active organic
In charge
In assistance
Lise Leese cr
placement
G2 =eCce = OF
Money waiting (UT)
Retired

3. SEX:

1 Male
Female

4. MARITAL STATUS:

1 Married
Not married


5. CHILDREN ALLOWANCE STATUS:

1 Claimed by him/herself      2 Claimed by spouse

6. HOUSING STATUS:

1 Government quarters         4 Private/owned
2 Mess                        9 Rented
SSP                           5 Contract/leased
                              7 With relations

7. BLOOD TYPE:

1 A                           4 O
2 B                           Danek
3 AB

8. COLOR OF SKIN:

1 White                       4 Yellow-brown
2 Yellow                      7B so 6h
3 Black

9. HAIR:

(Seagate — lank               3. Sema ont= stig.
2 Curly                       4 Wavy

10. COLOR OF EYES:

1 Black                       3 Brown
2 Blue                        4 Green

11. SIZE OF PANTS/SHIRT:

1 Small                       3 Large
2 Medium

12. RELIGION:

1 Moslem                      ae ena)
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hes 


2 Catholic
3 Protestant

13. STATUS OF RANK:

1 Effective
2 Temporary
3 In education

14. TYPE OF PROMOTION:

1 Regular
2 Extraordinary

15. STATUS OF PLACEMENT:

0 Organic
1 Labor (non organic)
2 In charge (detached from parent command)

16. RESULT OF EDUCATION:

1 Graduated
2 Not graduated

17. FAMILY RELATION:

Spouse
Child number 1
Child number 2
Child number 3
Child number 4

18. RANK:


Reels cary: 
Sore SAL S 
pa SeCONG Sai194r 
SP ams. Sailor 


Bor seeconad Corporal 


45 


ae 


ON 


Wi 


OO Ww ~J OV 


pudnes t 


Soruciran 


iiadny coli gazed 


fietaty titular 


In assistance (temporary
additional duty)
In direction (independent
duty)

Incomplete

Child number 5
Child number 6
Child number 7
Child number 8
Child number 9





g5 
83 
87 
85 
85 
84 
83 
82 
78 
77 
75 
68 
67 
65 
58 
57 
55 
5 


First Corporal
Second Sergeant
First Sergeant
Head Sergeant
Sergeant Major
Second Assistant Lieutenant
First Assistant Lieutenant
Candidate Officer
Second Lieutenant
First Lieutenant
Captain
Major
Lieutenant Colonel
Colonel
First Admiral
Rear Admiral/Major General
Vice Admiral/Lieutenant General
Admiral/General

B. Civilian


i. 


A. 


48 
47 
46 
45 
38 
3H 
36 
30 
28 


GORPS;: 


Ms 


Group I/A 
Group I/B 
Group iC 
Group 7D 
Group II/A 
Group II/8 
SEqnD Li7Cc 
GEOup ii/D 
Group LTi/7A 


Vivca ry 


2a 
26 
ZS 
18 
17 
1S 
15 
14 


190 Sazlor/Deck (for officer cnly) 


15 


1 beck 


Group 
Grouo 
G2 Oup 


Group 


(Commodore) /Briqadier General 


fis 
Pee 
LE 
IV /A 
IvVss 
IV/C 
IV /D 
IV /E 





162 
16 3 
16 4 
165 
16 6 
157 


200 
Zam 
26:2 
26 3 
264 


300 
35 1 
302 
36 3 
354 
365 
356 
367 
368 


490 
46 1 
462 
46 3 
454 
465 
456 
467 
458 
459 
470 
471 


59 0 


Torpedo
Weapon
Constable
Signal
Telegram
Under-Water Weaponry

Technician/Engineer (for officer only)
Mechanist
Construction
Ship Construction
Airplane Maintenance

Electronics (for officer only)
Radio
Radio-Radar Mechanic
Electro-Machine Mechanic
Electrician
Sub-Weapon Electrician
Electro Mechanic
Weapon Electro Mechanic
Electronica

Marine (for officer only)
Infantry
Amphibious
Field Artillery
Air Defence Artillery
Tank
Pansam (Amphibious Tank)
Transportation
Zapur (Defense Construction)
Communication-Electronica
Nurse

Fue d Suuport
Administration (for officer only)
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56 1 
a2 
55 3 
56 4 
565 
35 6 
567 


690 
65 1 
652 
66 3 
664 
665 
666 


790 
76 1 
76 2 
153 
764 
785 
766 
oT 
768 
759 


800 
86 1 
86 2 
86 3 
864 
865 
86 6 
&5 7 
85 8 


Writer/Typist
Finance
Support
Family business
Cook-1
C55.
Tailor

Health (for officer only)
Nurse
Radiologist
Analyst
Dental Technician
Chemist
Assistant Chemist

Specialist (for officer only)
Judicature
Intelligence
Transportation
Carpenter
Physical Fitness
Musician
Photography
Cinematography
Miscellaneous

Woman (for officer only)
Communication
Writer/Typist
Finance
Information
Physical Fitness
Nurse
Nav-iInformation Defences
Dae tedeieme Contrelle:
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Oye Glergy (21ar officer only) 


Civilian:

000 Administration
001 General Administration
002 Finance Administration
003 Labor Administration
004 Support Administration
005 Nursing Administration
006 Technical Administration
007 Typist
008 Stencil Mech
009 Nursing Staff
010 Statistic Administration
011 Law Administration
012 Library Administration
013 Transportation Administration
014 Housing Administration
015 Host Administration
016 Miscellaneous Administration

017 Technician
018 Ship Technician
019 Engine/Machine Technician
020 Electro Technician
021 Construction Technician
022 Carpenter
023 Welding Technician
024 Telephone-telegraph Technician
025 Radio Technician
026 Mechanic/Driver
027 Laborer
028 Photographer
029 Film Operator
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030 
031 
032 
O23 
034 
035 
036 
037 
038 
039 
040 


04 1 
04 2 
043 
044 
045 
046 
047 
048 
049 
050 
051 
052 
053 
054 
055 


056 
057 
058 
059 
06 0 
05 1 
062 
05 3 


Metal Technician
Painter
Weapon Technician
Fire Safety Inspector
Constructor
General Controller
Shipyard Worker
Pump Technician
Railroad Technician
Meteorological Technician
Miscellaneous

Nurse
Dental Nurse
General Nursing
Midwife
Pharmacy
Physiotherapy
Radiology
Pediatric Nurse
General Medical
Ophthalmologist
Throat-nose-ear Physician
Neurologist
Dermatologist
Dyot salen
Miscellaneous

Specialist
Teacher/Instructor
Messenger
C39
Gardener
Shoemaker
Tailor
Barber
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ZO. 


GROUPE 


000 
001 
002 
00 3 
004 
005 
011 


100 
101 
102 
103 
111 
112 
Wis 


200 
291 


064 
065 
066 
057 
06 8 
059 
070 
071 
072 
073 
074 
OS 
076 
077 
078 


Jana COL
Forester
Sketcher
Security
Lifeguard
Parking Master
Fire Brigade
Physical Fitness
Artist
Clergy
Laundry
Ocean Tide
Petro-chemical Technician
Geography
Miscellaneous


CODE OF EDUCATION:

General Development

National Defense
Joint Command & Staff College
Command & Staff College Level
wear Officer Continuing Education Level
Were Officer Continuing Education Level
WG@@RPe Continuing Education Level

Formation
Military Academy Level
EUteMe tical Officer Education Level
Candidate Officer Education Level
Candidate NCO Education Level
Candidate Corporal Education Level
Candidate Enlisted Education Level

Labor
Labor Education Level


a 





_-_ 








300 
301 
302 
308 
304 
30> 
306 


400 
401 
402 
40 3 
404 
495 


500 


21. ECHELON OF PROFESSION:


11 
AZ 
13 
14 
15 
16 
17 
18 
21 
22 


Maes SLATI 


Not include here for 


General Education
University Level
Academy Level
Senior High School Level
Junior High School Level
Elementary School Level (graduate)
Elementary School Level (not graduate)

Specialist Military Education
Specialist
Officer Specialist
NCO Specialist
Enlisted Specialist
Civilian Specialist
General course


Bohelon 1-A Zo Benton .2=s 
Bone ton i=8 ZA ese On 2-2) 
Echelon 1-C Zo heme © ac> 6 
Bone lon.) 1=D post One 2-F 
Banelon 18 Siseneion, 3-h 
Eonelon i-F a -eeene Ole s > So 
Fohelon 1-G Ba bene LO voc 
Bete lon. 1-H 34 Eshelon 3-D 
Rene lone —-A SS ens LoOn 3= 5 
Ec>helon 2B 4) Functional 
ON 3 


Z5. VIOLATION: 


1 Discipline 


Zoe 


ad 


securlty reasons. 


a 





24.9 WHAT S 


This table will be 


Itelligencey/Security of 


@eta at this time. 


fiss=. 


completed 


Since thse 


Se 


ave hor 





APPENDIX B

DATABASE DICTIONARY

This data dictionary contains descriptions of the Personnel Data
Base segments (data elements groups) and their data elements.
There are six columns in the table:

1. Element Number (ELM #). The data element/segment number
   contains four digits. The first two digits are the segment
   number, beginning from the root and increasing by one (leading
   zeroes suppressed), and another two digits are for the data
   element number in the segment, beginning from one and
   increasing by one.

2. Data Element (DATA_ELEMENT). This column contains the data
   element/segment name as it is known to the users.

3. Data Name (DATA_NAME). This column contains the unique name
   for data element/segm ... used by programmer/user whe ...
   Database.

4. Type (TYPE). This column contains the data element type,
   where N means Numeric and AN means Alpha-Numeric.

5. Number of Character (# OF CHAR). This column contains the
   number of characters in the record field of the data
   element/segment.

6. Description (DESCRIPTION). This column contains the
   description of the data element/segment. Described are the
   data element/segment relationships (dependent, etc.), key
   record/segment, administrative control, usage, and
   identifications. This description helps the programmer/user
   to find the path to desired data elements/segments in the
   database.

The abbreviations used in the data dictionary table are:
DB for Database, segm for segment, lev for level, tbl for
table, YYMMDD for Year (two digits), Month (two digits) and
Date (two digits), occur for occurrence, dependt for dependent,
Kg for Kilogram, and Cm for centimeter.




ELA DATA-ELEMENT DATA- EY=") £2OP DESCREET TON 
# NAME PE CHAR 
moO Main identification MAINID lis Root segm DB 


One OCcCcus 
101 Personal Serial SERNUM N 5 Recozd Ky 
Number (Main Key) 
102 Name NAME AN 26 Name, title 
we Corps CORPS N Seemces DS pL 
(19) 
104 Sex S2 N 1 See sex tbl (3) 
105 Src. a2 s¢ DMBIRTH q {Ye DD 
106 Birth place PMBIRTH AN 15 Towne (City) 
107 Religion RELIGION N 1 See religion 
Epime Z) 
wo 6 Trabe PDB AN a> = 
200 Personal CHARACT Dependt segm of 


MOOG Lew A. 
segm 2, on 


geecul 


22 





301 


Marriag2 


Marital 


Date of 


status 


status 


MARST 


N 


Dependt seam Of 
CHARACGCL, \l=v 3, 


segm 3, repeated 


See marital 
Status thi (4) 
segm key 
YYMMDD 


401 
402 


Address 


Address 


Housing 


status 


ADDRESS 
HOUSE 


HOUSDT 


levy 3, 




501 


502 


903 


904 


505 


506 


Body charachteristic 


Weight 
Height 


Blood ty 


Cole: 


Hair 


COT 


‘J 
iD 


of skin 


ef eyes 


BODYCHAR 


AEIGHT 


HEIGHT 


BLOOD 


SKIN 


HAIR 


EES 


56 


<4 


Depends 
SHaRaAc I, 


segm 5, 


segmn of 
lev 3, 
one 


9CCur 


Pik G 
fae 
See 
G1 


blood type 
(7), segm 
B22 263100 .Or 
Spl (8) 
=b 


skin 


ec hair 





507 
508 
509 


510 


a4 | 




600 


601 


602 


603 


604 


605 


606 


607 


Size of shoes 


Zz 
SiZeron has 
Suze OL Dants 


Size Of Shirt 


Size of chest 


Category and status 


Original personal 


Seiceus 


bateeGt Crigeaal 


personal status 


Cupcent persone l 


Status 


Decte Of Circ ert 


personal status 


Personal category 


Date of personal 


Category 

Active jiuty 
obligated time 
(Active service 
duty began) 


SHOES 

HAT 

PANTS N 
Sai RT N 
CHEST N 
CAT EG 


ORPERST N 


ORPERDT N 


CRE Eo. N 


CRPERDT N 


CATEGORY N 




Dependt segm of 
Gua RAGE, lev 3 5 
Sé¢gm 6, one 


92 Cur 


S22 personal 
Staeus 251 9(1) 
YYMNMDD 


S3¢ personal 
us tbl (1) 


= 


ce 


“0 


YYSMDD 




DTGORY N 
DTACT N 
RANK 


Dependt segm of 





701 


702 


m0 3 
704 


705 


706 


707 


80 1 
802 


803 


804 


Rank/Group 


Staeus Df seank 


Date cf rank 


Number o£ desision 


Letter 


Date of decisicn 
letter 


ct 


he 
decusion Letter 
eo: 


Who gave 


Type of promot 


on 


RANKG 


STRANK 


DTRANK 


NBDECLET 


Die Cree e 


GVDECLET? 


TP PROM 


EQOt, 12 Ve, 


S2qm 3, repeated 


Sce “sark -tbi 
(18), ségm key 
See status of 
crank tbl (13) 
YYMMDD 

Format: NNNNMMYY 
NNNN : Number 
MM Teeton eh 

YY 2° eae 
YYMMDD 


OPE TCLal 

PUNG eo nd ny 
See type of 
PpEeOwoe2 on = OL 
(14) 


Profession 


Name of prefession 


Number sf dacisior 


Dete of decisior 
letter 

Number 9€ 
professional 


7 oda fc 


PRO PES 


NMPROPF 
NBDECP 


Dee KO? 


NEWARP 


38 


N 2 

N 1 

N 

AN 

N 6 

a 

N 1 
at 

AN 15 

AN 

N 6 

AN 8 


Formac: NNNNMIYY 
NNNN $3 Number 

M if oa Orch 

Ty : Year 


NNNNWAN-YYMMDD 


moO ieee? ein hk. 
NNNN : Number 
MM ; Mente: 

ry si) Yeas 





30/5 
806 


807 


808 
809 


Date "Of Warrant 
Echelon of 
profession 


Sta2lon 
Reporting date 
Status of 


placement 


Date of placement 


DTWARP 
ECHELON 


STATION 


DES LAL 


STPLACE 


DT PLACE 


N 


NNNNNN-YYMMDD 
S22 echelon 

tbl (21) 

Seo cc ede ep. 
(22) 

Yer 

Se2 status of 
Diacement <=bl 
(15) 

YYASDD 


901 


902 


903 
904 
905 


906 
907 


manea 2 On 


Sueun code of 


education 


Baueation 
Institute's Name 
Start date 
Completion date 
Sea on 

Town (city) 
ReSuattaoL 
eiuca=i19n 


Class standing 


Class size 


BDUGCCD 


sDUCNM 


EDUCSD 
EDUCCM 
BOSS 


EDTOWN 


RESULT 


CSTAND 
CSIGE 


AN 


= 


=< 


15 


Depend* segm of 
Poe Lev 2, 


segqm 9, r2apeated 


S32 group code 
Sim diea. 1391 
tbl (20), s2gn 
key 


YYMMDD 

YYMMDD 

See Ststion 
tbl oz2) 

See result of 
S16 couches 16 sep 
(16) 


a2 


Dependt seqm of 
EDUG,. lev 3, 





repeated 
1001 Subject name             SUBJECT  AN 15  Segm key
1002 Grade                    GRADE    AN  3  Can be numeric
                                              or alphabetic

1100 Family                   FAM         76  Dependt segm of
                                              ROOT, lev 2,
                                              segm 6, repeated
1101 Family name              FNAME    AN 26  Name, title
1102 Family relation          PRG      N   1  See family
                                              relation tbl
                                              (17), segm key
1103 Sex                      Fon      N   1  See sex tbl (3)
1104 Birth date               PDB Rea  N   6  YYMMDD
1104 Birth place              EPBLIRTH AN 15  Town (City)
1105 Religion                 FPRELIGI N   1  See religion
                                              tbl (12)
1107 Address                  FADDR    AN 26  -

1200 Activity                 FACT        48  Dependt segm of
                                              FAM, lev 3,
                                              repeated
1201 Name of activity         FNACT    AN 26  Segm key
1202 Place of activity        FPACT    AN 15  Town (City)
1203 Start date               FSACT    N   6  YYMMDD
1204 Completion date          FCACT    N   6  YYMMDD

1300 Family education         FEDUC       16  Dependt segm of
                                              FAM, lev 3,
                                              segm 13,
                                              repeated
1301 Education                FEDNACT  AN 15  -
     Institute's Name
1302 Group code of            FCDACT   N   3  See group code
     education                                of education
                                              tbl (20), segm
                                              key
1303 Result of                REE RES  N   1  See result of
     education                                education tbl
                                              (16)

1400 Payroll                  PAYROLL     a9  Dependt segm of
                                              ROOT, lev 2,
                                              segm 14, one
                                              occur
1401 Date of beginning        DBPAY    N   6  YYMMDD
     payroll
1402 Rank in payroll          RKPAY    N   2  See rank tbl
                                              (18)
1403 Payroll period           PERPAY   N   3  In Month
1404 Number of children       CHFAM    N   1  -
     authorized family
     allowance
1405 Status of children       STCHFAM  N   1  See children
     authorized family                        allowance
     allowance                                status tbl (5)
1406 Main salary              MAINSAL  N      In Rupiah
1407 Wife's family            WFALL        5  In Rupiah
     allowance
1408 Children family          CHALL    N   5  In Rupiah
     allowance
1409 Other family             OTALL    N   5  In Rupiah
     allowance
1410 Obligated reduction      OBRED    N   5  In Rupiah


6 1 





1411 
1412 
1413 
1414 


Rice reduction 
Other reduction 
Total salary 
Uneeeot payroll 


RCR ED 
OTRED 
TOTSAL 
UNPAY 


we Oe, 


< 


2-H WwW WY 


In Rupiah 
In Rupiah 
In Rupiah 
S22 station 


tbl (22), sean 




1501 


1502 


1503 
1504 
1505 


Security 


Violation/Infrings 


What 


Where 
When 
Why 


Vee 


WAAT 


WHERS 
WHEN 
WHY 


AN 


SEEN slo ise a ohewA 


infringe <yp2 


tbi (23), segm 
Key 

See Khas bs 
(24) 

Pow waters y) 
YYMMDD 


This reasen 
description is 
stored in other 
file with key 
number hers 

(N 5) 

Same as 1505 




1601 
1602 


Who involved 


Name involved 


Personal 


WHOINV 


INVNAME 
PoRoLD 
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AN 
AN 


pendt segm of 
. 


PEN 25) 





Hdentz fication 


PROFINV 


number or other 
valid identi- 


ficas=2on 


Type of action 
See 861 ce 


Completion date 


AN 


NEW DATABASE DICTIONARY

This data dictionary contains descriptions of Data Base
segments (data elements groups) and elements. There are six
columns in
(See Appendix B for abbreviations)

ELM  DATA-ELEMENT             DATA-     TY- # OF  DESCRIPTION
#                             NAME      PE  CHAR

100  Main identification      MAINID        76    Root segm DB
                                                  lev 1, segm 1,
                                                  one occur
101  Personal Serial          SERNUM    N    9
     Number
102  Name                     NAME      AN  26
103  Corps                    CORPS     N
104  Sex                      SEX       N    1
105  Birth date               DMBIRTH   N
106  Birth place              PMBIRTH   AN  15
107  Religion                 RELIGION  N    1
108  Tribe                    TRIBE     AN
200  Personal                 CHARACT             Dependt segm of
                                                  ROOT, lev 1,
                                                  segm 2, one





300  Marriage                 MARR          a.    Dependt segm of
                                                  CHARACT, lev 3,
                                                  segm 3, repeated
301  Marital status           MARST     N    1    See marital
                                                  status tbl (4)
                                                  segm key
302  Date of status           MARDT     N    6    YYMMDD

400  Address                  ADDR          26    Dependt segm of
                                                  CHARACT, lev 3,
                                                  segm 4, repeated
401  Address                  ADDRESS   AN  26    -

500  Address status           ADDRSTA        7    Dependt segm of
                                                  ADDR, lev 4,
                                                  segm 5, repeated
501  Housing status           HOUSE     N    1    See housing
                                                  status tbl (6)
                                                  segm key
502  Date of status           HOUSDT    N    6    YYMMDD

600  Body characteristic      BODYCHAR      10    Dependt segm of
                                                  CHARACT, lev 3,
                                                  segm 6, one
                                                  occur
601  Weight                   WEIGHT    N    3    In Kg
602  Height                   HEIGHT    N    3    In Cm
603  Blood type               BLOOD     N    1    See blood type





004 


605 


606 


700 


701 
7102 
703 


704 


Color of skin 


Hair 


Color of eyes 





Personal size 


Size of shoes 
Size of hat 


S2 Zen 0f Dants 


Size of shirt 


SKIN 


HAIR 


EYES 


Pik S02 


SHO dS 
HAT 
PANTS 


SHL RT 


8 


‘ 
bet 


= COlCr Of 
aimee OL (5) 
¢2 hair tbl 


YO Aw 


Ui 
er 
‘- 


5? wa 


9) 
e2 color of 
aves = Od (7190) 


Depsndt seqm o 
BODYCHAR, leve 
G, stgqgm 7, one 


9oCUL 


< 
4. 


i 
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801 
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803 


804 


Category and status 


Original personal 
Status 

Bate Or Cregonal 
personal status 
Current personal 


status 


Date of curren* 


personel status 


GREP ino. 


ORPERDT 


CREERSSI 


CRPERDT 
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See personal 
Sstaeus =Di 41) 
Ssqm Key 
YYMMDD 








805 


806 


807 


Personal category 


Date of personal 
category 

Active duty 
obligated t*+ime 
(Active service 


duty began) 


CATEGORY N 


See personal 


pegery =p) 


Q 
su 


Yer DD 


901 


902 


903 
904 


20 5 


906 


207 


Rank/Group 


Swaseuse of (rank 
Date of rank 
Number sf decision 
latter 


Date of decisicn 
latter 

Who gav2 the 
decision letter 


Type of promoticn 


DT GORY N 
DTACT N 
RANK 

RANKG N 
STRANK N 
DTRANK N 


NBDECLET AWN 


DTDECLET N 


GVDECLET AN 


Ree nO N 


Ue 


See crank *+bl 
(18), 
Sse status of 
Fans tbl (13) 
YYMMDD 


segm key 


NNNNMMY Y 


Number 


Poa tia =: 
NNNN 3 
MM : 
ry : 
YYMMDD 


th © 
cs rh 
é rh 
$4 
Q 
}4 
™ 
}-/ 


Y2 
(yy 
(PD + 
Q 
cr ct 
$< 
7's =O 
1) 
O 
rh 


a UW 
=nd ts 
= QO 




Professica 


ee Gre S 
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Depend* 
Veyy 2. 
segn 10, 


seam of 


Eooc. 





1001 
1902 


1003 


1004 


1005 
1006 


1007 


1008 
1009 


Name of profession 


Number of decision 


Date of decision 
letter 

Number of 
professional 


warrant 


Date Cr warrant 
Echelor of 
profession 


Scanlon 


NEP ROE 
NBDECP 


Die nO s 


NBWARP 


DIWARP 
ECHELON 


STATION 


DiS ne 


SPACE 


DT PLACE 


AN 
AN 


AN 


repeated 


Format: NNNNMMYY 
NNNN Number 
MM =) Men en 

TY >; Year 
NNNNNN-YYMMDD 


Focmat: NNNNMMYY 
NNNN : Number 
Ma Seren cn 

Ney. >; Year 


NNNNNN-YYMMDD 
S¢2 echelon 

Eine 2 i} 

See station tbl 
(22) 

Y YD D 

See tstacas of 
placement tbl 
(15) 

YY MND D 


1101 


1102 


Education 


Grouo code of 


educationa 


Sducation 


Institute*s Name 


BvUCeD 


EDUCNE 


68 


oe 
e-s 
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i> 


S2e group code 


Sf meduca:t on 
Ebl (20), segm 
ke 





Nelo. 
1104 
1105 


1106 
1107 


Stert date 
Completion date 


Station 


Town (city) 
Resui. of 


educa*ion 


Class standing 


Class size 


mp eS) 
EDU CEM 
EDSTAT 


EDTOWN 


RESULT 


CSTAND 
CSb45 


AN 


TaD D 
YYMMDD 


Subject 


Subject name 


Grade 


SUBS ECT 
GRADE 


AN 
AN 


Can be numeric 


ap adpha betac 




1301 
neO.2 


1303 
1304 
1304 
05 


1307 


Family name2 


Family calation 


S 2x 

Birth date 
Birth place 
Redon 


Address 


FNAME 


FPSEX 

Pe reek ta 
Pep en ii 
PERE LIGh 


fFADDR 
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AN 


26 


Dependt segqm or 
Eao=, Ley 2, 
segn 13, 


repeated 


Nantje, title 
See family 
Pelazsen 21 
(17), segm key 
See sex tbl (3) 
YYMMDD 


Lewin (Gur. y 


Sel? 


on 


}4- 


= 


b 


t) 
4 


Ua 


alig 
(12) 


4 


cr 
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1401 
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1403 
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Name of activity 


BPase'ce of activity 


Start date 


Completion date 


26 
i 


Cea» 
YYHADD 
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1501 


1502 


1503 


Family education 


Wduace <= 10 7 


Institute's Name 


GEeqQup coderoft 


education 


Result of 
aducation 


FACT 

FNACT AN 
Bere AN 
FSACT N 

FCACT N 

Pao ue 


FEDNACT AN 


ie 


Dependt segnm of 
FAN, Lev. 3, 
Segm 15, 


repeated 


e 
etuea: LOn eb) 
(16) 
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1601 


1602 


Payroll 


Date of begining 


payroll 
Rank in payroll 


FORACT N 
Peo Ros N 
PAYROLL 

DEE AY N 
RKP AY aq 
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Dependt segm of 


ee a ca 


See rank tbl 





1603 
1604 


1605 


1606 


1607 


1608 


1609 


1610 


1611 


1612 


1613 
1614 


Haysoll period 
Number 2f children 
authorized family 
allowence 

Staeus 9f childzen 
authorized family 
allowence 

Main salary 

Wife's family 
allowance 

Children family 
allowance 

Other family 
allowance 
Obligated reduction 
Race* redwe=ron 
Other <reduct ion 
Total salary 


Unites payroll 


PER PAY 
CHFAM 


STCHFAM 


MAINSAL 


WALL 


CHALL 


OTALL 


OBRED 


RCRED 


OTRED 


TOTSAL 
UNPAY 


— 


=a wm & 


SO wy WN WN 


(18) 
In Month 


Secmens bd zy 
allowanc?2 
Status «bl (5) 
In Rupiah 

Pee Rilom a 


In Rupiah 


In Rupiah 


In Rupiah 
TL aeerinp ae h 
In Rupiah 
In Rupiah 


so \6ta~ 36 


cs 




1701 


1702 


1703 


Security 


Veotet an /latrange 


Veo 


WHAT 


WHERE 


a 


N 


Dependt segm of 
Tew 2s 
le; 


gm 
repeated 


EOO =, 


~ 
ad 
— 


V) 


See violaticn/ 


infringe type 


col (23) 4 sean 
Key 

See what tbl 
(24) 


Powam (C22 y) 





1704 
1705 


When 
Why 


WHEN 
WHY 


N 


(N 5) 


1801 
1802 


Who involved 


2 


identification 


Proeression 


WHOINV 


INVNAME 
PiteowD 


PROFINV 


AN 
AN 


Dependt segn of 
Shee tcy 3. 
s2egqm 18, 
repeated 

S2gm key 
Personal serial 
QMumber or other 
valid identi- 


Ex CoE On 


type. Of ict hon 
Scaecs date 


Completion date 


AN 


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